Additional information on MAC accounting from Hakan Lindholm... (specifically, the SNMPv2c object to pull 64bit MAC accounting counters) - Dan ------ Forwarded Message From: Hakan Lindholm <hakan@staff.spray.se> Date: Fri, 21 Jan 2005 20:36:45 +0100 (CET) To: Daniel Golding <dgolding@burtongroup.com> Cc: <druid@softdust.com>, andrew matthews <exstatica@gmail.com> Subject: Re: Graphing Peering I'm not registerred to post on nanog. You may send this info in, with or without quoting me.. On Thu, 20 Jan 2005, Daniel Golding wrote:
Andrew,
The 32 bit counters are a significant problem when using gigabit ethernet public peering interfaces. Needless to say, MAC accounting was not designed for gigabit speeds. Frequent polling is, sadly the only solution. If you write your own scripts, make sure to account for counter wrapping.
What about the .1.3.6.1.4.1.9.9.84.1.2.3.1.2 tree? Remeber to use SNMPv2c. We use the following to generate some MRTG config: while (!$session->{ErrorStr} and $$vars[0]->tag eq "ipNetToMediaNetAddress"){ if ($type eq "dynamic") { @mac = split(/:/, $mac); $decmac = join('.', hex $mac[0], hex $mac[1], hex $mac[2], hex $mac[3], hex $mac[4], hex $mac[5]); ($iname, @junk) = gethostbyaddr( pack( "C4", split( "\\.", $ip )), AF_INET ); if (-z $iname) {$iname = $ip}; if (!defined($peers{$ip})) {$peers{$ip} = "no BGP peer"}; $ifi = $ix{$router}[1]; print "\n"; print "Target\[$ip\]: 1.3.6.1.4.1.9.9.84.1.2.3.1.2.$ifi.1.$decmac\&1.3.6.1.4.1.9.9.84.1.2.3.1.2.$i fi.2.$decmac:$ARGV[1]\@$ARGV[0]:::::2\n", "MaxBytes\[$ip\]: 25000000\n", "Title\[$ip\]: $ix{$router}[0]: $peers{$ip}\n", "PageTop\[$ip\]: <H1>$ix{$router}[0]: $peers{$ip}</H1>\n", "\tIP: $ip, DNS: ", $iname, "\n"; } ($ip,$mac,$type) = $session->getnext($vars); }; (This is only part of the script. You should make it work in your environment quite easy though.)
- Dan
on 1/20/05 9:45 AM, "druid@softdust.com" <druid@softdust.com> wrote:
On Wed, 2005-01-19 at 22:41, andrew matthews wrote:
Another problem you might run into is counter wrapping. When polling every 5 minutes, some counters may wrap. (there is no 64 bit counter for the mac-address accounting). So you have to run it in short timeframes, causing more cpu utilization.
Talking about Cisco, see above. There is such counters.
But all in all, mac-accounting and Netflow source-as give you a very good overview of your network flows.
Yes indeed. /H ------ End of Forwarded Message